Skip to content
NovaVMS Manual

Reset a user's password

Resetting a user’s password revokes every active session that user holds and forces them to set a new password on their next login. The new temporary password is emailed directly to the user — you, the admin, never see it and cannot set it by hand. This is a deliberate security design: the reset channel bypasses you so that a compromised admin cannot silently set a known password on a target account.

Procedure

  1. Open Admin → Users.
  1. Open the row menu on the user who needs a reset.
  1. Click Reset Password.
  1. Confirm the action. NovaVMS generates a 12-character temporary password, sets password_reset_required, and revokes every active session for the user.
  1. If SendGrid is configured, the user receives an email with the temporary password. If SendGrid is not configured, the temporary password is returned in the API response — deliver it through a channel you trust (not email, not chat logs). This is the only scenario where you see the password.

Common variations

  • User never received the email: see Invitation email didn’t arrive. The same SendGrid pipeline delivers password resets.
  • User asks to set their own password: point them at Forgot password — the self-service flow. They’ll get a reset link valid for one hour.
  • Suspected account compromise: after the reset, also review their sessions and the audit log for recent activity under their user ID.

If this didn’t work

  • If Reset Password is missing from the row menu, your role is Operator or Viewer. Password reset is Admin/Owner only.
  • If the email never arrives, see Invitation email didn’t arrive.
  • If the user calls back saying their new password doesn’t work, confirm they’re typing the temporary password and not their old one — the old one is revoked the moment you click Reset.